IF YOU’RE OFFERING network or cybersecurity assessments like buy-one-get-one-free coupons, you’re missing out on huge opportunities for your clients and your own bottom line. Assessments that are sold and executed correctly, experts say, can bring both business-changing value to clients and revenue-generating services to channel pros.
The consensus around giving away assessments is clear: Don’t do it. At least, don’t give too much. Giveaways undermine the importance of doing thorough assessments and devalue MSPs’ expertise.
“Historically, assessments have been something MSPs have used almost as a foot in the door, with the goal being to then have a conversation about managed services,” says Richard Tubb, a U.K.-based IT business growth expert. Now, he says, savvy MSPs use assessments as a consultancy tool rather than as a sales tool.
The “light” presales assessments some MSPs provide are unlikely to generate enough information to make a significant difference for the prospect or foster valuable sales opportunities anyway, says Peter Melby, president of Greystone Technology, an IT services provider in Denver. Instead, he recommends selling a deeper assessment up front. The dozens of hours you invest will make you the go-to for solving the problems you identify, because the process itself helps build trust with the customer.
Some providers credit the cost of assessments against ongoing service bills. That’s better than free, but not ideal, says Tubb. “I think charging outright is a great way to set the value barometer and say, ‘Hey, the work that we do is valuable, and we’ll charge you for it.’”
If you must give something away, a dark web scan is one creative and inexpensive way to catch clients’ attention presales, says Erick Simpson, a security, cloud, and managed services business consultant. His clients have won assessment sales appointments by alerting prospects that credentials from their domain are for sale in the cybercrime black market.
Thankfully, a few current trends are making it easier to build a case for thorough—and billed—assessments. For one, the businesses many SMBs sell to are increasingly asking questions about security. “Our clients’ customers expect a level of sophistication and security that’s driving change,” says Melby. “Clients in the process of landing large customers are now having to verify they have certain things in place, and that’s definitely new.”
Additionally, emerging data privacy laws like Europe’s GDPR and the California Consumer Privacy Act are introducing compliance concerns to all businesses. Tubb says these laws arm channel pros to position themselves as trusted advisers by treating assessments as part of a broader compliance strategy.
What to Assess
Assessments are “part art and science,” says Simpson. “You’ve got to be able to demonstrate the data that can’t be disputed.” In addition to asset inventories, penetration risks, and equipment age, assessments should uncover vulnerabilities such as personally identifiable information and sensitive records that shouldn’t be on a network. That can require patience and diligence.
“Organizations are oftentimes very fragmented. The accounting department might have three different systems that IT doesn’t even know about,” says Melby. Talking to multiple departments can help you better understand—and explain to the customer—how internal activities might pose threats.